|
631
|
7.5 |
HIGH
Network
|
-
|
-
|
pnpm is a package manager. Prior to 10.34.2 and 11.5.3, the generic peer-suffix normalizer also stripped parenthesized text from git, URL, tarball, file, and other opaque locators. Approval for one s…
New
|
CWE-346, CWE-693, CWE-829
Origin Validation Error; Protection Mechanism Failure; Inclusion of Functionality from Untrusted Control Sphere
|
CVE-2026-55487
|
2026-06-26 04:16 |
2026-06-26 |
|
632
|
- |
|
-
|
-
|
ToolJet is the open-source foundation of an AI-native platform for building and deploying internal tools, workflows and AI agents. Prior to 3.20.178-lts, any authenticated user with builder role (free t…
New
|
CWE-94
Code Injection
|
CVE-2026-55413
|
2026-06-26 04:16 |
2026-06-26 |
|
633
|
8.3 |
HIGH
Network
|
-
|
-
|
ToolJet is the open-source foundation of an AI-native platform for building and deploying internal tools, workflows and AI agents. Prior to 3.20.178-lts, there's an SSRF in the RestAPI data source compo…
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-55412
|
2026-06-26 04:16 |
2026-06-26 |
|
634
|
6.8 |
MEDIUM
Adjacent
|
-
|
-
|
ToolJet is the open-source foundation of an AI-native platform for building and deploying internal tools, workflows and AI agents. Prior to 3.20.1780-lts, the authenticated endpoint POST /api/data-sourc…
New
|
CWE-639, CWE-863
Authorization Bypass Through User-Controlled Key; Incorrect Authorization
|
CVE-2026-55411
|
2026-06-26 04:16 |
2026-06-26 |
|
635
|
6.5 |
MEDIUM
Network
|
-
|
-
|
pnpm is a package manager. Prior to 10.34.2 and 11.5.3, pnpm and pacquet expanded ${ENV_VAR} placeholders from repository-controlled .npmrc and pnpm-workspace.yaml into registry request destinations …
New
|
CWE-200, CWE-201, CWE-522
Information Exposure; Insertion of Sensitive Information Into Sent Data; Insufficiently Protected Credentials
|
CVE-2026-55180
|
2026-06-26 04:16 |
2026-06-26 |
|
636
|
5.9 |
MEDIUM
Network
|
-
|
-
|
LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the POST /api/auth/2fa/backup/regenerate endpoint regenerates all 2FA backup codes without requiring an…
New
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-54040
|
2026-06-26 04:16 |
2026-06-26 |
|
637
|
6.5 |
MEDIUM
Network
|
-
|
-
|
LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the fix for CVE-2025-7105 added forkIpLimiter and forkUserLimiter rate limiters to POST /api/convos/for…
New
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-54037
|
2026-06-26 04:16 |
2026-06-26 |
|
638
|
7.7 |
HIGH
Network
|
-
|
-
|
LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, LibreChat allows users to configure custom OpenAI-compatible API endpoints by setting a baseURL. This U…
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-54033
|
2026-06-26 04:16 |
2026-06-26 |
|
639
|
5.4 |
MEDIUM
Network
|
-
|
-
|
LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, there is a vulnerability in LibreChat's markdown artifact preview pipeline. The marked library v15.0.12…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-54025
|
2026-06-26 04:16 |
2026-06-26 |
|
640
|
6.5 |
MEDIUM
Network
|
-
|
-
|
LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the fix for CVE-2024-11171 (commit bb58a2d0) added limits: { fileSize } to createMulterInstance() in th…
New
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-54024
|
2026-06-26 04:16 |
2026-06-26 |